Data Privacy Impact Assessments

Data protection in screening

The protection of personal data, and the secure means by which it is handled, has become one of the most important factors in determining a best practice screening organisation for clients and candidates alike.

Security Watchdog has always had data protection at the very heart of everything we do, and it is never something we would compromise on.

Security Watchdog is proud to be certified to ISO 27001 (the internationally recognised standard for information security) and this covers all aspects of our operation in every location for which we are audited throughout the year by specialist Information Security and Data Protection auditors. We are fully committed to ensuring the integrity, security and availability of all data that we process.

Not only are we experts in UK Data Protection, but as an international screening business we also have to be experts in Data Protection in every country we operate in, across EMEA and globally, to ensure that the checks we carry out for clients, and our own processes, are fully compliant with local employment and Data Protection laws.

GENERAL DATA PROTECTION REGULATION (GDPR) - THE PROPOSAL

The General Data Protection Regulation, implemented on the 25th May 2018, represents the most significant development in data protection law since the launch of the EU Data Protection Directive.

This legislation has not actually replaced the United Kingdom's Data Protection Act, which was also updated in 2018 to bring UK law into line with the European regulation; the two should be viewed as complementary documents.

In transposing the GDPR into the DPA2018, the Government has ensured that the UK will remain compliant with the data regulation even once we leave the European Union, something that is essential for businesses which wish to continue controlling or processing EU citizens' data.

The changes have been far reaching, and have necessitated a set of data protection compliance measures for each and every business process that handles personal data. Fines for non-compliance are very hefty and can run to millions of euros, whether the breach is deliberate or not. Ignorance of the law is not acceptable, nor is it a legal defence that will be tolerated.

Whilst the Information Commissioner's Office, the official body responsible for enforcing this legislation in the UK, has made it clear that ensuring UK businesses are compliant is its priority, the fines associated with the legislation can be substantial. Infringements of certain articles of the GDPR, relating to topics including the data processing principles and data transfers to third countries, for example, could result in fines of €20 million or 4% of annual global turnover, whichever is higher.

SINGULAR REGULATORY AUTHORITIES

The proposed Regulation states that companies should have one regulatory authority that acts across all EU member states. It is recommended that this single point of authority be located where the main decisions on, and means of, data handling take place. This will enable your organisation to take a consistent approach to data handling in every member state.

The proposal effectively explains that each EU member state will regulate GDPR within its own borders. Companies will be required to appoint and payroll one or more Data Protection Officers. However, these Officers will report directly to the country's Regulatory Authority, NOT to the company itself.

These officers will be obligated, under severe penalties of the law, to report all breaches of GDPR they uncover directly to the Authority, or face the legal consequences should they fail to do so or attempt to cover up these breaches.

THE THREE PRINCIPLES OF COMPLIANCE

There are guidelines that can be followed in order to make your company compliant with the new Regulation. The Advisory Bureau has published The Three Principles of Compliance, a guidance report that can help organisations that operate within multiple EU States to retain compliance during the development of the new Regulation.

How can we help with data protection?

WHAT CAN A DATA PRIVACY IMPACT ASSESSMENT DO FOR YOU?

A data privacy impact assessment is designed to help you achieve compliance before the new GDPR law (explained above) takes effect, and consists of:

Producing a readiness audit report to establish just how ready your organisation is to meet the requirements of the new law

Assisting in understanding exactly what data is being processed, and identifying the key processes that require data privacy policies to be put in place

Guidance on producing fit for purpose policies

Assistance in producing an action plan with timescales for implementation of policies

Recommendations and advice on best practice in data handling and protection

As far as the execution and enforcement of GDPR are concerned, the European Commission has stated that ignorance of the law is not an acceptable excuse and that fines will be levied regardless of status and commensurate with the size and profitability of the company. These enormous financial penalties will be equivalent to 2-4% of global turnover, which in some cases will run into millions of euros.

For more details about our Data Privacy Impact Assessments please contact us below.